Hi,
I’m writing to confirm my implementation of SSL and www.mydomain.com and mydomain.com (i.e. without www) is correct.
I have certs already purchased from name.com. I’ve got those in place and referenced in the default file in the path /etc/nginx/sites-enabled and checked against sudo nginx -t to ensure syntax is ok.
This looks like:
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_certificate /home/nodeapp/www.mydomain.com.chained.crt;
ssl_certificate_key /home/nodeapp/www.mydomain.com.key;
}
I’ve added by www.mydomain.com and mydomain.com as domains, so dokku domains node app shows:
mydomain.com
www.mydomain.com
The command dokku certs:info mydomain shows the certificate details with:
=====> Common Name(s):
=====> www.mydomain.com
=====> www.mydomain.com
=====> mydomain.com
Then in my Cloudflare DNS settings (where i also have redirect from non www to www with https) I have 2 records:
A record -> mydomain.com -> points to my droplet IP CNAME record -> www -> points to @ - is an alias of mydomain.com
Advice/confirmations would be appreciated.
Many Thanks
These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.
Hi,
I did a ls -a at the path /etc/nginx/sites-enabled and there is only file file default.
Anywhere else this I need to be checking?
Could this be because I have 2 domains listed - i.e. if i do dokku domains myapp, i’m presented with www.mydomain.com and mydomain.com?
In the directory where your server blocks are, do you happen to have an extra file that’s marked with a tilde (~) or a temp file by chance? Or even a dot, or .save, or something of that nature?
From the looks of it, NGINX is trying to load your server block twice and when it does it’s stating that the domain is already loaded from one configuration file so it’s ignoring the second.
If NGINX is setup to load everything from /etc/nginx/sites-enabled, for example, it will attempt to load everything in that directory. So if there’s an extra server block with the same information, you’ll see the logs populated with that error.
Thanks - changing that CloudFlare to “Full (Strict)” and a reload dokku deploy nodeapp seemed to help.
I’ll keep an eye on that conflicting server name error. I’m not sure why that appeared.
Finally, regarding the SSLs. Is this a 2 step process? Namely, I need to :
1 - In my default file of path /etc/nginx/sites-enabled I add:
server {
listen 443 ssl;
server_name www.mydomain.com mydomain.com;
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_ciphers 'EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH';
ssl_certificate /home/nodeapp/www.mydomain.com.chained.crt;
ssl_certificate_key /home/nodeapp/www.mydomain.com.key;
}
2 - I also add the certs using dokku certs:add e.g.:
cat fullchain.pem > server.crt
cat privkey.pem > server.key
tar cvf certs.tar server.crt server.key
dokku certs:add nodeapp < certs.tar
I ask because tutorials I’ve seen mention Step 1, but not Step 2
Thanks again!
The issue of “too many redirects” is an issue with CloudFlare. You’ll need to login to the CloudFlare control panel and under their “Crypto” tab, make sure SSL is set to “Full (Strict)” and allow that to take effect.
As for the error log, if you could, please post the full server block(s) so I can take a look at them. You can comment out the domain and/or IP’s if needed.
Try DigitalOcean for free
Click below to sign up and get $100 of credit to try our products over 60 days!
Also to note - its fully working. I thought it was as the Cloudflare SSL was taking over. However now I’ve disabled it when going to the URL - I get
too many redirects occurred.And In the
sudo cat /var/log/nginx/error.log- I get the following: